Bug ID: 390314
           Summary: kwin_wayland SIGSEGV in
           Product: kwin
           Version: 5.12.0
          Platform: openSUSE RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: platform-wayland
  Target Milestone: ---
             Flags: Wayland+, X11-

Created attachment 110557
Detailed gdb backtrace

kwin_wayland session crashes when moving the cursor e.g. over another window.

There is an endless recursion when calling KWin::CursorImage::loadThemeCursor.
I will describe the scheme in short; for details see the attached backtrace:
step1: KWin calls KWin::CursorImage::loadThemeCursor
step2: which then calls KWin::WaylandCursorTheme::get, which calls
step3: KWin::WaylandCursorTheme::loadTheme, which emits the event themeChanged()
(wayland_cursor_theme.cpp, line:70)
step4: This is handled by the lambda expression at pointer_input.cpp line 908,
which calls KWin::CursorImage::loadThemeCursor in line 911, which starts the
whole thing again (=> goto step1)

This cycle breaks in the moment when malloc fails to allocate and kwin crashes
with a segmentation fault:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f35190c0919 in malloc () from /lib64/

#0  0x00007f35190c0919 in malloc () from /lib64/
No symbol table info available.
#1  0x00007f351948d718 in operator new(unsigned long) () from
No symbol table info available.
#2  0x00007f3519c63f0d in QObjectPrivate::connectImpl(QObject const*, int,
QObject const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int
const*, QMetaObject const*) () from /usr/lib64/
No symbol table info available.
#3  0x00007f3519c64295 in QObject::connectImpl(QObject const*, void**, QObject
const*, void**, QtPrivate::QSlotObjectBase*, Qt::ConnectionType, int const*,
QMetaObject const*) () from /usr/lib64/
No symbol table info available.
#4  0x00007f351bfcbded in QObject::connect<void (KWin::Cursor::*)(), void
(KWin::WaylandCursorTheme::*)()> (type=Qt::AutoConnection, slot=(void
(KWin::WaylandCursorTheme::*)(KWin::WaylandCursorTheme * const)) 0x7f351bfcbc70
<KWin::WaylandCursorTheme::loadTheme()>, receiver=0x563d373dfee0, signal=(void
(KWin::Cursor::*)(KWin::Cursor * const)) 0x7f351c015600
<KWin::Cursor::themeChanged()>, sender=0x563d36a12350) at
        types = 0x0
#5  KWin::WaylandCursorTheme::loadTheme (this=0x563d373dfee0) at
        size = <optimized out>
        this = 0x563d373dfee0
#6  0x00007f351bfcc0d0 in KWin::WaylandCursorTheme::get
(this=this@entry=0x563d373dfee0, name=...) at
        c = <optimized out>
#7  0x00007f351bfcc13d in KWin::WaylandCursorTheme::get (this=0x563d373dfee0,
shape=<optimized out>) at
No locals.
#8  0x00007f351bedbd7c in KWin::CursorImage::loadThemeCursor<Qt::CursorShape>
(this=0x563d37581b20, shape=shape@entry=@0x7ffd4e791354: Qt::ArrowCursor,
cursors=..., image=0x563d37581bd0) at
        cursor = <optimized out>
        b = <optimized out>
        buffer = <optimized out>
        it = {i = 0x7f3519cdc360 <QHashData::shared_null>}
#9  0x00007f351beda40d in KWin::CursorImage::loadThemeCursor (image=<optimized
out>, shape=<optimized out>, this=<optimized out>) at
No locals.
#10 KWin::CursorImage::<lambda()>::operator() (__closure=0x563d374e45c0) at
        this = 0x563d37581b20
#11 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void,
>::call (arg=<optimized out>, f=...) at
No locals.
0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...) at
No locals.
0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *,
void **, bool *) (which=<optimized out>, this_=0x563d374e45b0, r=<optimized
out>, a=<optimized out>, ret=<optimized out>) at
No locals.
#14 0x00007f3519c600cc in QMetaObject::activate(QObject*, int, int, void**) ()
from /usr/lib64/
No symbol table info available.
#15 0x00007f351bfcbd5f in KWin::WaylandCursorTheme::loadTheme
(this=0x563d373dfee0) at
        size = -2147483648
        this = 0x563d373dfee0
---- stripped here see attached log for detailed backtrace -----

Setting kcminputrc_mouse_cursorsize='' in startupconfig prevents triggering
this bug (NOTE: it was originally set to 0 in my account). 

Please note that the attached backtrace does not show the full backtrace; the
parts in the middle are just the same over and over again.

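The four-step cycle from the report, modelled without Qt as an added example (not KWin code and not the project's fix), with a re-entrancy flag as one way to break it. ThemeModel, CursorImageModel, Signal, countLoads and kDemoCap are hypothetical names, and the model assumes that a non-positive cursor size leaves the theme unloaded, which the report suggests but does not state.

```cpp
#include <cstdio>
#include <functional>
#include <vector>
constexpr int kDemoCap = 1000;  // stops the unguarded demo before memory runs out
// Stand-in for a Qt signal with direct connections: slots run inside emit().
struct Signal {
    std::vector<std::function<void()>> slots;
    void emit() const { for (const auto &slot : slots) slot(); }
};

struct ThemeModel {  // hypothetical model of KWin::WaylandCursorTheme
    Signal themeChanged;
    int size;            // constructed input; 0 mirrors the reporter's setting
    bool guarded;        // enable the re-entrancy guard
    bool loaded = false, loading = false;
    int loadCalls = 0;
    ThemeModel(int s, bool g) : size(s), guarded(g) {}
    void loadTheme() {
        if (guarded && loading) return;      // guard: already inside loadTheme()
        if (++loadCalls >= kDemoCap) return; // demo-only cap
        loading = true;
        loaded = size > 0;       // assumption: a non-positive size yields no theme
        themeChanged.emit();     // step 3: emitted even though nothing was loaded
        loading = false;
    }
    bool get() { if (!loaded) loadTheme(); return loaded; }  // step 2
};

struct CursorImageModel {  // hypothetical model of KWin::CursorImage
    ThemeModel &theme;
    explicit CursorImageModel(ThemeModel &t) : theme(t) {
        // step 4: the lambda connected to themeChanged re-enters step 1
        theme.themeChanged.slots.push_back([this] { loadThemeCursor(); });
    }
    bool loadThemeCursor() { return theme.get(); }  // step 1
};

// Number of loadTheme() entries triggered by one cursor lookup.
int countLoads(int size, bool guarded) {
    ThemeModel theme(size, guarded);
    CursorImageModel image(theme);
    image.loadThemeCursor();
    return theme.loadCalls;
}

int main() {
    std::printf("unguarded=%d guarded=%d\n", countLoads(0, false), countLoads(0, true));
}
```

Without the flag, a size of 0 recurses until the demo cap is hit; with it, or with a positive size, loadTheme() is entered once.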